Risk

INFORMATION POLICY FOR THE U.S. HEALTH SECTOR:
ENGINEERING, POLITICAL ECONOMY, AND ETHICS

SYSTEMIC RISKS

Provider-patient trust

It is easy to understand the desire to limit access to one’s health care records, which contain or allude to some of the most intimate information conceivable about an individual. Medical files routinely itemize current and past physical status, diseases and disabilities, treatments and medications – not just of the patient but also of his or her family. Records can include material on mental health and psychological stability (including details of therapy or counseling), dietary and drug use (both legitimate and illegitimate), recreational and exercise habits, sexual practices (disclosed or supposed), as well as ancillary demographic information (such as education, employment, income, marital status and family composition). Sophisticated diagnostic testing, such as afforded by new genetic technologies, provides the ability to predict future disease and disability with ever greater specificity; these results will increasingly be "part of the file" as well (Institute of Medicine, 1994). It has long been understood that, in the US particularly, such data can condition not only access to health, life or disability insurance, but the ability to obtain and hold employment, get housing or secure an education (National Research Council, 1972; Westin, 1977).

An atmosphere of distrust about the confidentiality of computer-resident information accordingly breeds fears of personal humiliation, loss of reputation, and risks to financial status. Public opinion polling data confirms substantial fears (Equifax-Harris, 1993; Harris-Equifax, 1995). Recent media attention to data security incidents has no doubt added to concerns (see e.g., Kolata, 1995). Public confidence in the practices of researchers, physicians, nurses and hospitals remains at fairly high levels, at least for the moment, but insurers and employers are decidedly less trusted.

In medical settings, concerns about data practices obviously may cause persons to consider withholding information from their health care providers. Such nondisclosure presents clear risks for the patient, since it could materially affect the course of care. Equally, physicians may elect to keep some types of information out of patient records because of confidentiality concerns, or keep duplicate, private records of sensitive information. Incomplete or inaccurate records have the potential to contaminate the knowledge base for systemic health research. Conversely, if patients are given the ability to limit sharply access to their records, health providers may be precluded from rendering optimal care due to inadequate information, and all manner of health research may be severely impaired. Finding broadly acceptable solutions to privacy/efficiency tradeoffs is thus not merely an ethical "nicety" or an refractory engineering puzzle, but a matter that potentially conditions the abilities of the clinical and research apparati of health care to function at all.

New users, new uses As noted elsewhere, managed care depends on an intensive information foundation at a micro level. Each patient’s health care history is an input to systemic analysis of the providers and institutions that constitute the "practice plan," an effort that is facilitated considerably by electronic record-keeping. In addition to the usual patient historical data, extensive justifications are typically recorded at stages in the individual’s course of care, particularly for referrals from the "gatekeeper" primary care practitioner to subspecialists. Intimate medical information – such as with mental health services – becomes fodder for examination beyond the practitioner and patient at these points (Jellinek and Nurcombe, 1993; Boyle and Callahan, 1995). These reviews can serve to weed out inappropriate and unnecessary service provision, supplementing other systemic incentives to control costs. They may also, to a cynical eye, verge on a form of rationing by inconvenience. Regardless of the intent, practitioners in managed care environments can rarely guarantee that they will be able to keep patients’ health information limited to themselves or any identifiable set of others within the practice environment, given the range of reviewing entities. Some health plans do explicitly manage information practices, by both policy and practice, to alleviate such concerns. But they are probably the exception rather than the rule.

The synergy of new technological capabilities and market pressures has led to a range of users, uses and types of data collection across the health care system. The recent hearings of the National Committee on Vital and Health Statistics, mandated by Kassebaum-Kennedy (PL104-191), uncovered an increasingly complex pattern of health information traffic, undertaken by an increasingly diverse collection of corporate entities (NCVHS Hearings, 1997). Such complexity presents challenges for the design of legislation, which must find a way to sort users, uses and data into plausible categories. It also challenges fundamental notions of "fair information practices" (about which more in the section on ethical issues), which are built on a notion that the system is understandable to persons whose data is a part of it.